package com.huanghuai.config;

import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

import javax.annotation.Resource;

@EnableGlobalMethodSecurity(prePostEnabled = true)//开启全局方法安全 启用预授权注解和后授权注解
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Resource
    private AppAuthenticationSuccessHandler successHandler;

    @Resource
    private AppAuthenticationFailHandler failHandler;

    @Resource
    private AppLogoutSuccessHandler logoutSuccessHandler;

    @Resource
    private AppAccessDeniedHandler deniedHandler;
    @Override
    protected void configure(HttpSecurity http) throws Exception {

        /**
         *        .anyRequest() //任何请求
         *             .denyAll();  //拒绝
         *                 .permitAll(); //允许任何请求
         */
        http.authorizeRequests()//授权请求
                //匹配url路径的写法有三种
//                .regexMatchers("/student/**")不用学
//                .antMatchers("/student/**")不用学
                .mvcMatchers("/student/**")//匹配这个url
                //判断权限的有五种
                //hasAuthority()是否有单个权限

//                .access("hasAnyAuthority('student:add') or hasRole('admin')")
                // 是否有成对权限
//                .hasRole()是否有单个角色
//                .hasAnyRole()是否有任意角色
                .hasAnyAuthority("student:add")//拥有这个权限的用户可以访问的/student/**
                //判断是否有权限

                .mvcMatchers("/teacher/**")
                .hasAnyAuthority("teacher:query")//拥有这个权限的用户可以访问的/teacher/**
                .anyRequest() //任何请求
                .authenticated();//都需要登录，注意：没有配置mvc的只要登录成功就可以访问
        http.formLogin()
                .successHandler(successHandler)//配置认证成功处理器
                .failureHandler(failHandler)//配置1认证失败处理器
                .permitAll(); //允许表单登录 permit：允许
        http.logout().logoutSuccessHandler(logoutSuccessHandler);//配置退出成功处理器
        http.exceptionHandling().accessDeniedHandler(deniedHandler);//配置拒绝访问处理器
    }
}
